[VIM] Provable vendor ACK for Album Photo Sans Nom traversal issue

Steven M. Christey coley at mitre.org
Wed Dec 20 18:39:36 EST 2006


Ref: CVE-2006-5320

Following is a diff between versions 1.7 and 1.6, showing cleansing
intended for directory traversal:

18c11
< if(isset($_GET['img']) && file_exists($_GET['img']) && preg_match('!\.(jpe?g|png|gif)$!i', $_GET['img']) && !preg_match('!^(\.){2}|(/\.)!', $_GET['img'])) {
---
> if(isset($_GET['img']) && file_exists($_GET['img'])) {
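Review bot: the 1.7 condition on the `<` line is a denylist, not an allowlist: `!^(\.){2}|(/\.)!` rejects only a leading `..` or a `/.` sequence, so an absolute path such as `/some/dir/file.jpg` that exists and ends in an allowed extension still passes every test, and a `..` component preceded by a backslash rather than a `/` is not covered either. Note also that `file_exists($_GET['img'])` is still evaluated before the two `preg_match` tests, so an untrusted traversal string reaches the filesystem before it is filtered. A sturdier version would run the pattern checks first, then canonicalise with `realpath()` and require the result to start with the album directory, instead of pattern-matching the raw query string.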


- Steve
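The following is an added example, not code from this post or from Album Photo Sans Nom itself. It isolates the 1.7 pattern checks quoted in the diff as a function and places a canonicalising allowlist check beside them; the `file_exists()` test from the diff is deliberately left out of the first function so it can be exercised on paths that need not exist. The album directory, the function names and the sample paths are assumptions made for illustration.

```php
<?php
// Added example: the 1.7 pattern tests from the diff, isolated, beside a
// realpath()-based allowlist check. Names and sample inputs are assumed.

function passes_v17_filter(string $img): bool
{
    // Same extension and traversal regexes as the 1.7 line in the diff.
    // file_exists() is omitted here so the check can be run on any string.
    return preg_match('!\.(jpe?g|png|gif)$!i', $img) === 1
        && preg_match('!^(\.){2}|(/\.)!', $img) === 0;
}

function resolve_in_album(string $img, string $albumDir): ?string
{
    // Allowlist approach: canonicalise both paths and require the requested
    // file to sit under the album directory. realpath() returns false for
    // paths that do not exist, which doubles as the existence check.
    $base = realpath($albumDir);
    $real = realpath($albumDir . DIRECTORY_SEPARATOR . $img);
    if ($base === false || $real === false) {
        return null;
    }
    // Compare against "<album>/" so that "<album>2/..." cannot slip past
    // a bare prefix match.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    if (preg_match('!\.(jpe?g|png|gif)$!i', $real) !== 1) {
        return null;
    }
    return $real;
}

// Constructed inputs for illustration only.
$samples = [
    'photos/beach.jpg',           // ordinary relative path: accepted
    '../../etc/secret.png',       // leading "..": rejected by the 1.7 regex
    'a/../../etc/secret.png',     // "/." in the middle: rejected by the 1.7 regex
    '/var/www/other/private.gif', // absolute path: accepted by the 1.7 regex
];
foreach ($samples as $s) {
    printf("%-30s v1.7 filter: %s\n", $s, passes_v17_filter($s) ? 'accept' : 'reject');
}

// With a real album directory (assumed here as ./album), the allowlist check
// returns the canonical path only for files that actually live under it.
$albumDir = __DIR__ . DIRECTORY_SEPARATOR . 'album';
foreach ($samples as $s) {
    $r = resolve_in_album($s, $albumDir);
    printf("%-30s allowlist: %s\n", $s, $r === null ? 'reject' : $r);
}
```

The first loop shows the limit of the denylist quoted in the diff: the absolute-path sample is accepted by the pattern tests alone, so whether it is ultimately readable depends entirely on `file_exists()` and on how `$_GET['img']` is used afterwards, neither of which the regex controls. The second function removes that dependence by deciding on the canonical path rather than on the raw request string.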

